browser-automation
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute agent-browser CLI commands for navigating and interacting with websites. This grants the agent the ability to perform complex actions on both the local machine and remote web services.
- [REMOTE_CODE_EXECUTION]: The agent-browser eval command allows for the execution of arbitrary JavaScript within the browser context. The documentation highlights methods like Base64 encoding (-b) and standard input (--stdin) to facilitate this, which could be used to execute hidden or complex logic on web pages.
- [DATA_EXFILTRATION]: The skill includes functionality for extracting text content, capturing screenshots, and exporting session states (cookies and local storage). These features could be leveraged to extract sensitive information from authenticated web sessions.
- [CREDENTIALS_UNSAFE]: The skill manages authentication by saving session data, including tokens and cookies, to local files (e.g., auth.json). While the documentation advises against committing these files, the mechanism itself stores highly sensitive credentials in a potentially insecure manner.
- [PROMPT_INJECTION]: The skill interacts with untrusted web content from arbitrary URLs. Malicious instructions embedded in a website could be ingested by the agent via commands like snapshot or get text, potentially leading to indirect prompt injection and causing the agent to deviate from its intended instructions.
Audit Metadata